11 matches found
EUVD-2005-0831
Malware in sbrugna...
UBUNTU-CVE-2019-3890
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference...
Man In The Middle (MitM) Attacks Are Possible With Spoofed SSL Servers
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...
CVE-2017-8937
The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
ANA App SSL Certificate Validation Security Bypass Vulnerability
ANA App is a suite of ANA airline inquiry applications. ANA App fails to properly validate SSL certificates, allowing remote attackers to exploit this vulnerability to conduct man-in-the-middle attacks and spoof trusted servers...
CVE-2014-7717
The Mills-Hazel Property Mgmt aka com.appexpress.millshazelpropertymanagement application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7515
The Bail Bonds aka com.onesolutionapps.chadlewisbailbondsandroid application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7327
The Macau Business aka com.magzter.macaubusiness application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-6867
The Sortir en Alsace aka com.axessweb.sortirenalsace application 0.5b for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Information disclosure
The Puppy Slots aka air.com.starluxstudios.PuppySlotsFree application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
APOP password recovery vulnerability
Overview: POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol. It is reported that APOP passwords could be recovered by third parties. In a successful attack, the attacker impersonates the mail server, provides challenge...